<?php
$root = $_SERVER['DOCUMENT_ROOT'];
include($root . "/util/session.php"); //checks that the user is logged in
include($root . "/util/privilege_check.php");
checkPrivilege("admin");

$degreeID = mysqli_real_escape_string($db, $_GET['degreeID']);
$subjectID = mysqli_real_escape_string($db, $_GET['subjectID']);
$query = "SELECT * FROM students_subjects join user_info on students_subjects.studentID=user_info.login where students_subjects.degreeID='$degreeID' and students_subjects.subjectID='$subjectID' ";
$result = mysqli_query($db, $query);
?>

<!DOCTYPE html>
<html lang="en">

<head>
	<title>Subject Students List</title>
	<link rel="stylesheet" type="text/css" href="adminStyle.css">
	<link rel="stylesheet" type="text/css" href="tableStyle.css">
</head>

<?php
include($root . "/admin/header.php");
?>

<main>

	<body>

		<li><a href="/admin/subjectList.php?degreeID=<?php echo $degreeID ?>">Back</a></li>
		<li><a href="/admin/subjectStudentAdd.php?degreeID=<?php echo $degreeID ?>&&subjectID=<?php echo $subjectID ?>">Add a student</a></li>
		<table border="1px" id="users">
			<thead>
				<tr>
					<th>Actions</th>
					<th>Degree ID</th>
					<th>Subject ID</th>
					<th>Student ID</th>
					<th>Student Name</th>
				</tr>
			</thead>
			<tbody>
				<?php //ugly php + html hybrid code that does stuff
				while ($row = mysqli_fetch_assoc($result)) { ?>
					<tr>
						<td>
							<a href="/admin/subjectsStudentsRemove.php?subjectID=<?php echo $row['subjectID'] ?>&&degreeID=<?php echo $row['degreeID'] ?>&&studentID=<?php echo $row['studentID'] ?>">Remove</a>
						</td>
						<td><?php echo $row['degreeID']; ?>
						</td>
						<td><?php echo $row['subjectID']; ?></td>
						<td><?php echo $row['studentID']; ?></td>
						<td><?php echo $row['full_name']; ?></td>
					</tr>
				<?php } ?>
			</tbody>
		</table>

	</body>

</html>
</main>

<?php
include($root . "/admin/footer.php");
?>